Setting up VLANs on a dump AP using OpenWRT

Installing and Using OpenWrt
1

I am super stumped. I am trying to set up a Unifi AC Pro as a dump AP running OpenWRT 23.05 on sw-config. I have three VLANs, 1,2,3, coming from the router that are working correctly with non-openwrt devices on-site, but I can't for the life of me get them to work on this dumb ap with the SSIDs properly. VLAN 1 is untagged, while 2 and 3 are tagged. I have followed this guide here and have gotten vlan 1 connected to the dump ap with wifi, but I cannot get any of the other SSIDs to connect to the other unmanaged vlan interfaces. If I try to connect to any of the SSIDs associated with a non vlan 1 interface, my phone gets stuck at "obtaining IP address" and then fails. I have pasted my config below, what am I doing wrong?

Network:


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fde2:bb84:4434::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.119.40.4'
	option netmask '255.255.0.0'
	option ip6assign '60'
	option gateway '10.119.40.1'
	list dns '10.119.40.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '0t 2t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 2t'
	option vid '3'

config interface 'san'
	option proto 'none'
	option device 'eth0.2'
	list dns '10.0.0.1'

config interface 'guest'
	option proto 'none'
	option device 'eth0.3'
	list dns '192.168.8.1'

Wireless:


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'san'
	option mode 'ap'
	option ssid 'SwissCheese'
	option encryption 'none'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'guest'
	option encryption 'none'
	option network 'guest'

Forgot to mention, if I set the other two tagged vlan interfaces as DHCP client, they get the correct IP address for the vlan they are tagged for from the router, so I think the tagging is set correctly.

1 Like
2

You must create bridge devices for the other SSIDs as well.

config device
	   option name 'br-san'
	   option type 'bridge'
	   list ports 'eth0.2'

config device
	   option name 'br-guest'
	   option type 'bridge'
	   list ports 'eth0.3'

config interface 'san'
	   option proto 'none'
	   option device 'br-san'
	
config interface 'guest'
	   option proto 'none'
	   option device 'br-guest'

Remove the DNS settings from unmanaged interfaces, they do nothing

3

Made the changes, still not working.


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fde2:bb84:4434::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '10.119.40.4'
	option netmask '255.255.0.0'
	option ip6assign '60'
	option gateway '10.119.40.1'
	list dns '10.119.40.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 2 3'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '0t 2t'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t 2t'
	option vid '3'

config interface 'san'
	option proto 'none'
	option device 'br-san'

config interface 'guest'
	option proto 'none'
	option device 'br-guest'

config device
	option type 'bridge'
	option name 'br-guest'
	list ports 'eth0.3'

config device
	option type 'bridge'
	option name 'br-san'
	list ports 'eth0.2'




config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'san'
	option mode 'ap'
	option ssid 'SwissCheese'
	option encryption 'none'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'guest'
	option encryption 'none'
	option network 'guest'
4

What is the output of brctl show?

5 
bridge name	bridge id		STP enabled	interfaces
br-lan		7fff.7483c20216b9	no		phy0-ap0
							eth0.1
br-san		7fff.7483c20216b9	no		eth0.2
br-guest		7fff.7483c20216b9	no		eth0.3
6

It is now working. I rebooted and it is now working as expected. Thank so much for the help!

7

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.